This article explains how to set up a Watchguard SSL 100 SSL VPN with SMS authentication. This is a simple way to implement “two factor” authentication. To log on, users must have a username, a password (e.g. from Active Directory) and the passcode that is texted to their phone.
In order to use SMS you will need to have an account with an SMS gateway. It’s important you choose a reliable SMS gateway provider to ensure instant delivery of the SMS. I currently recommend Clickatell.
- It is assumed that the SSL100 has already been set up with an IP address and is published on the internet.
- The SSL100 in the below example has already been published on the internet and configured to sync with an Active Directory server.
- It is recommended to make sure the SSL100 is running the latest firmware.
Step 1 Clickatell Signup
Click on the below banner to sign up for an account with Clickatell.
- You will need to create an account and buy credits for the “central API” product.
- Once logged in, go to “manage my products” and select “get connections”. Create an HTTP/S connection.
Set the options as shown below. Note the 7 digit API ID. You will need this later.
Step 2 SSL100 Setup SMS Channel
Log on to the SSL100 and go to the below screen.
Click on “add SMS Channel”.
Select HTTP plugin and click next.
Fill out the fields below:
- URL = https://api.clickatell.com/http/sendmsg?user=[$account]&password=[$password]&api_id=XXXXXXX&to=[$user-mobile]&text=[$message] (replace XXXXXXX with your Clickatell API ID obtained in step 1)
- Account = Your Clickatell.com username
- Password = Your Clickatell.com password
Edit the mobile number and response parsing fields if required (usually you don’t need to edit these) and select finish.
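A pre-flight check for the Step 2 URL, as an added example that is not part of the original article and is not WatchGuard or Clickatell code: it expands the template with percent-encoded values, refuses a non-HTTPS template because the account password travels in the query string, masks the secrets before the URL is logged, and classifies the gateway reply. The function names, the sample values and the `ID:` / `ERR:` reply format are assumptions; the SSL100's own substitution logic is emulated here, not reproduced.

```python
import re
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# URL template from Step 2; XXXXXXX stands for the 7 digit API ID.
TEMPLATE = ("https://api.clickatell.com/http/sendmsg?user=[$account]"
            "&password=[$password]&api_id=XXXXXXX&to=[$user-mobile]&text=[$message]")
# Constructed sample values, not real credentials or a real subscriber number.
SAMPLE = {"account": "vpn-sms", "password": "p&ss=w0rd",
          "user-mobile": "447700900123", "message": "Your passcode is 123456"}
MASKED = {"password", "api_id", "text"}  # query parameters kept out of logs


def expand(template, api_id, values):
    """Emulate the placeholder substitution, percent-encoding each value."""
    if not template.startswith("https://"):
        raise ValueError("credentials travel in the URL, so HTTPS is required")
    if not re.fullmatch(r"\d{7}", api_id):
        raise ValueError("API ID must be 7 digits")
    url = template.replace("XXXXXXX", api_id)
    return re.sub(r"\[\$([a-z-]+)\]",
                  lambda m: quote(values[m.group(1)], safe=""), url)


def redact(url):
    """Mask secrets so the URL can go into a log or a support ticket."""
    parts = urlsplit(url)
    query = [(k, "***" if k in MASKED else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="*")))


def parse_response(body):
    """Assumed reply format: 'ID: <message id>' or 'ERR: <code>, <text>'."""
    body = body.strip()
    if body.startswith("ID:"):
        return True, body[3:].strip()
    if body.startswith("ERR:"):
        return False, body[4:].strip()
    return False, "unrecognised response"


if __name__ == "__main__":
    url = expand(TEMPLATE, "1234567", SAMPLE)  # 1234567 is a placeholder API ID
    print(redact(url))
    print(parse_response("ERR: 001, Authentication failed"))  # constructed reply
```

A password containing `&` or `=` only survives the request if it is percent-encoded, which is why the sample password includes both characters.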
Step 3 Enable Watchguard SSL Authentication
Ensure this is configured as shown below:
Step 4 User Account Properties
For each user who is using the SSL100 SMS service:
On the “general settings” tab make sure that the user's phone number is specified in their user account.
On the “Watchguard authentication” tab set as below:
Note that in the above example the SSL100 is configured to get password info from an external directory service, i.e. Active Directory.